Advanced threat protection for patient health information

Overview

Navicent Health operates a designated Level I Trauma Center and one of 42 twice-designated Magnet® hospitals for nursing excellence nationwide. It provides a broad range of community-based, outpatient diagnostic and primary care; extensive home health and hospice care; and comprehensive cancer and rehabilitation services.

The Medical Center, Navicent Health is a 501(c)(3) private, not-for-profit corporation. The hospital is owned by the Macon-Bibb Hospital Authority and maintains an active affiliation with Secure Health Plans of Georgia, a network of central Georgia hospitals and physician providers.

Challenges

Within health systems such as Navicent Health, the already serious risk of targeted threats is compounded. Besides laptops, notebook computers, and smartphones, the hospital’s network hosts numerous biomedical devices that are not under the control of the in-house technology team, and do not run standard antivirus protection.

Medical devices with embedded processors are vulnerable to viruses and other malware threats. However, due to FDA regulations, memory limitations, or proprietary issues, these devices are typically not able to run antivirus or other security protection, and Navicent Health had no way to monitor or control the status of these devices without impacting performance or processes. Such unprotected and unmanaged biomedical devices pose serious risks, since any malfunctioning device can put patient care at risk. An infected device can also act as the source of network-wide infections, causing disruption and/or repeated cleanup costs.

When the Navicent Health security team began to see an alarming increase in time being spent on threat remediation across the health system’s infrastructure, they called on Trend Micro to help them assess end-to-end security, including security for their networked medical devices. While reducing costs and increasing productivity are always priorities, Navicent Health puts patient care first and therefore wanted to maximize the protection of private healthcare information and avoid any malware that could compromise the quality of patient care or privacy.

“From a strategic standpoint, we made a decision about 5 years ago to go with a security vendor that provided a competent ‘Best in Suite’ portfolio, so we standardized on Trend Micro for all of our security requirements. This led to our deployment of Deep Discovery Inspector, which protects the organization from targeted attacks and APTs.”

Why Trend Micro

When the time came to evaluate advanced threat protection, Navicent Health required a Best of Suite solution: the right price and the right vendor, with proven technology and leading-edge capabilities.

To minimize their risk exposure on non-managed systems and medical devices, Navicent Health implemented Trend Micro’s Deep Discovery Inspector. It offered a cost-efficient solution to track down malware and mitigate its risks, and minimized the IT time required to monitor security. With 360-degree monitoring of network traffic, all ports and over 80 protocols, Deep Discovery Inspector provides network-wide visibility and intelligence to detect and respond to targeted attacks and advanced threats.

It also provides a Web Services API to allow integration with other Trend Micro and third-party products, and a manual submission feature for threat research. Its custom sandboxing environments precisely match target desktop software configurations—resulting in more accurate detections and fewer false positives.

“Deep Discovery quickly paid for itself. In the first 48 hours, [it] detected viruses on vendor owned and maintained biomedical devices from several manufacturers that have traditionally not been as secure as they should be. We now had the visibility on the inside that we had on our perimeter. We are now adding Deep Discovery Analyzer to our portfolio, which will provide us with even better visibility than before and allow us to scale.”

Ty Smallwood, Information Services Security Officer,
Navicent Health

Solution

A security assessment identified several challenges with the previous levels of protection built into Navicent Health’s infrastructure, including vulnerable, non-managed medical equipment and public kiosks. As a first step, Navicent Health updated the previously deployed Trend Micro endpoint and mobility device solutions, and took advantage of many new security advancements, including enhanced control over USB devices and file, email, and web reputation checks.

However, even with strengthened endpoint security, Navicent Health still needed a better way to oversee medical devices, registration kiosks, and other thin-client devices on the health system’s network. The local Trend Micro team recommended the introduction of Trend Micro™ Threat Management System, the predecessor of Trend Micro Deep Discovery.

This additional layer of security gave the hospital automatic 24x7 threat monitoring, and gave IT increased visibility of the overall state of security. Ty Smallwood, Information Services Security Officer for Navicent Health, said, “Our first deployment gave us the tools we needed to approach the medical equipment manufacturers, and push them to patch their machines. It was about improving the quality of care we provide. The threat management solution helps us avoid legal liability issues by maintaining high standards with our partners.”

“Deep Discovery gives us an extra layer of security at a time when we are entering into Stage 2 Meaningful Use. This phase of HIPAA compliance calls for more stringent measures. Deep Discovery increases our ability to act quickly—it enhances our compliance position.”

Navicent Health has also taken advantage of Deep Discovery’s enhanced customization capabilities. “Deep Discovery gives us a lot more widgets—we can set up the console so that we get an at-a-glance look at what we are most interested in. Plus we get a sandbox architecture—Deep Discovery goes beyond threat detection to eliminate a lot of false positives with this capability. Now when I get an alert, I know it is something I need to carefully evaluate. This is a definite time saver.”

“Our first deployment of the Trend Micro solution quickly paid for itself,” said Smallwood. “In the first 48 hours, [it] detected viruses on vendor owned and maintained biomedical devices from several manufacturers. Since upgrading to Deep Discovery, we have even better visibility than before. The rules and filters are much more fine-grained. We can more effectively focus on our hot spots and prevent risks from escalating into problems. I have a higher level of comfort—Deep Discovery has proved that it can catch critical threats in our areas of importance.”

“The visibility that we gain from Deep Discovery helps IT focus in the right places, and it also gives me compelling information to share with executives. I can show them exactly which threats we face—the sources, the destinations, and the details. The visual dashboard is a great tool for enlightening management about threats. I really like the dashboard and the meaningful reports because now everyone—not just IT—can understand the big picture.”

What's Next

Navicent Health’s network structure includes multiple VLANs. Therefore, to allow them to scale and have all of their VLAN traffic go through one server, they have made the decision to expand their Deep Discovery deployment with Deep Discovery Analyzer. Deep Discovery Analyzer is a custom sandbox analysis server that will augment the capabilities of Deep Discovery Inspector.
